<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="keywords" content="Hexo Theme Redefine">
    
    <meta name="author" content="xiaoeryu">
    <!-- preconnect -->
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>

    
    <!--- Seo Part-->
    
    <link rel="canonical" href="https://xiaoeeyu.github.io/2024/06/01/java层socket抓包与源码分析（上）/"/>
    <meta name="robots" content="index,follow">
    <meta name="googlebot" content="index,follow">
    <meta name="revisit-after" content="1 days">
    
    
    
        
        <meta name="description" content="tcp&#x2F;udp协议以及一些字段的溯源，快速定位一些字段（例如用户名和密码）是怎么加密的，分析出来之后怎么去进行枚举、重放。 典型的应用就是怎么去编写爬虫去爬去例如商城的商品等  问题接下来几篇文章我们需要解决的问题  如何对自定义协议进行逆向分析？ 发送参数被加密，如何快速完成参数处理流程的定位？ 加密算法复杂，如何主动调用完成对数据包的处理和重放？  目标通过分析需要达到的目的  掌握阅读和分析">
<meta property="og:type" content="article">
<meta property="og:title" content="Java层socket抓包与源码分析（上）">
<meta property="og:url" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/index.html">
<meta property="og:site_name" content="xiaoeryu">
<meta property="og:description" content="tcp&#x2F;udp协议以及一些字段的溯源，快速定位一些字段（例如用户名和密码）是怎么加密的，分析出来之后怎么去进行枚举、重放。 典型的应用就是怎么去编写爬虫去爬去例如商城的商品等  问题接下来几篇文章我们需要解决的问题  如何对自定义协议进行逆向分析？ 发送参数被加密，如何快速完成参数处理流程的定位？ 加密算法复杂，如何主动调用完成对数据包的处理和重放？  目标通过分析需要达到的目的  掌握阅读和分析">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240527165013099.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531123232991.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531123256577.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531122459703.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531152406588.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531164140370.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531164319343.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531182636108.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531185409687.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531185801277.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531233558633.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601013358738.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601022304835.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601223536475.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601230334985.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601232134172.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601234311781.png">
<meta property="og:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601234258302.png">
<meta property="article:published_time" content="2024-06-01T02:26:37.000Z">
<meta property="article:modified_time" content="2024-06-05T22:05:16.580Z">
<meta property="article:author" content="xiaoeryu">
<meta property="article:tag" content="App抓包">
<meta property="article:tag" content="Frida Hook">
<meta property="article:tag" content="socket抓包">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://xiaoeeyu.github.io/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240527165013099.png">
    
    
    <!--- Icon Part-->
    <link rel="icon" type="image/png" href="/images/rabete.jpg" sizes="192x192">
    <link rel="apple-touch-icon" sizes="180x180" href="/images/rabete.jpg">
    <meta name="theme-color" content="#A31F34">
    <link rel="shortcut icon" href="/images/rabete.jpg">
    <!--- Page Info-->
    
    <title>
        
            Java层socket抓包与源码分析（上） | xiaoeryu
        
    </title>

    
<link rel="stylesheet" href="/fonts/Chillax/chillax.css">


    <!--- Inject Part-->
    

    
<link rel="stylesheet" href="/css/style.css">


    
        
<link rel="stylesheet" href="/css/build/tailwind.css">

    

    
<link rel="stylesheet" href="/fonts/GeistMono/geist-mono.css">

    
<link rel="stylesheet" href="/fonts/Geist/geist.css">

    <!--- Font Part-->
    
    
    
    
    
    

    <script id="hexo-configurations">
    window.config = {"hostname":"xiaoeeyu.github.io","root":"/","language":"zh-CN","path":"search.xml"};
    window.theme = {"articles":{"style":{"font_size":"16px","line_height":1.5,"image_border_radius":"14px","image_alignment":"center","image_caption":false,"link_icon":true,"delete_mask":false,"title_alignment":"left","headings_top_spacing":{"h1":"3.2rem","h2":"2.4rem","h3":"1.9rem","h4":"1.6rem","h5":"1.4rem","h6":"1.3rem"}},"word_count":{"enable":true,"count":true,"min2read":true},"author_label":{"enable":true,"auto":false,"list":[]},"code_block":{"copy":true,"style":"mac","highlight_theme":{"light":"github","dark":"vs2015"},"font":{"enable":false,"family":null,"url":null}},"toc":{"enable":true,"max_depth":4,"number":false,"expand":true,"init_open":true},"copyright":{"enable":true,"default":"cc_by_nc_sa"},"lazyload":true,"pangu_js":false,"recommendation":{"enable":false,"title":"推荐阅读","limit":3,"mobile_limit":2,"placeholder":"/images/ball-0101.jpg","skip_dirs":[]}},"colors":{"primary":"#A31F34","secondary":null,"default_mode":"light"},"global":{"fonts":{"chinese":{"enable":false,"family":null,"url":null},"english":{"enable":false,"family":null,"url":null},"title":{"enable":false,"family":null,"url":null}},"content_max_width":"1000px","sidebar_width":"210px","hover":{"shadow":true,"scale":false},"scroll_progress":{"bar":false,"percentage":true},"website_counter":{"url":"https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js","enable":true,"site_pv":true,"site_uv":true,"post_pv":true},"single_page":true,"preloader":{"enable":false,"custom_message":null},"open_graph":true,"google_analytics":{"enable":false,"id":null}},"home_banner":{"enable":true,"style":"fixed","image":{"light":"/images/wallhaven-jxl31y.png","dark":"/images/wallhaven-o5762l.png"},"title":"XIAOERYU","subtitle":{"text":["明心见性，拨云见日","Don't wait, to 
create"],"hitokoto":{"enable":false,"show_author":false,"api":"https://v1.hitokoto.cn"},"typing_speed":100,"backing_speed":80,"starting_delay":500,"backing_delay":1500,"loop":true,"smart_backspace":true},"text_color":{"light":"#fff","dark":"#d1d1b6"},"text_style":{"title_size":"2.8rem","subtitle_size":"1.5rem","line_height":1.2},"custom_font":{"enable":false,"family":null,"url":null},"social_links":{"enable":true,"style":"default","links":{"github":"https://github.com/xiaoeeyu","instagram":null,"zhihu":null,"twitter":null,"email":"xiaoeryu@163.com"},"qrs":{"weixin":null}}},"plugins":{"feed":{"enable":false},"aplayer":{"enable":false,"type":"fixed","audios":[{"name":null,"artist":null,"url":null,"cover":null,"lrc":null}]},"mermaid":{"enable":false,"version":"9.3.0"}},"version":"2.8.2","navbar":{"auto_hide":false,"color":{"left":"#f78736","right":"#367df7","transparency":35},"width":{"home":"1200px","pages":"1000px"},"links":{"Home":{"path":"/","icon":"fa-regular fa-house"},"Archives":{"path":"/archives","icon":"fa-regular fa-archive"}},"search":{"enable":true,"preload":true}},"page_templates":{"friends_column":2,"tags_style":"blur"},"home":{"sidebar":{"enable":true,"position":"left","first_item":"menu","announcement":null,"show_on_mobile":true,"links":null},"article_date_format":"auto","excerpt_length":200,"categories":{"enable":true,"limit":3},"tags":{"enable":true,"limit":3}},"footerStart":"2022/8/17 11:45:14"};
    window.lang_ago = {"second":"%s 秒前","minute":"%s 分钟前","hour":"%s 小时前","day":"%s 天前","week":"%s 周前","month":"%s 个月前","year":"%s 年前"};
    window.data = {"masonry":false};
  </script>
    
    <!--- Fontawesome Part-->
    
<link rel="stylesheet" href="/fontawesome/fontawesome.min.css">

    
<link rel="stylesheet" href="/fontawesome/brands.min.css">

    
<link rel="stylesheet" href="/fontawesome/solid.min.css">

    
<link rel="stylesheet" href="/fontawesome/regular.min.css">

    
    
    
    
<meta name="generator" content="Hexo 6.3.0">
<style>.github-emoji { position: relative; display: inline-block; width: 1.2em; min-height: 1.2em; overflow: hidden; vertical-align: top; color: transparent; }  .github-emoji > span { position: relative; z-index: 10; }  .github-emoji img, .github-emoji .fancybox { margin: 0 !important; padding: 0 !important; border: none !important; outline: none !important; text-decoration: none !important; user-select: none !important; cursor: auto !important; }  .github-emoji img { height: 1.2em !important; width: 1.2em !important; position: absolute !important; left: 50% !important; top: 50% !important; transform: translate(-50%, -50%) !important; user-select: none !important; cursor: auto !important; } .github-emoji-fallback { color: inherit; } .github-emoji-fallback img { opacity: 0 !important; }</style>
</head>



<body>

<main class="page-container" id="swup">

	

	<div class="main-content-container flex flex-col justify-between min-h-dvh">
		<div class="main-content-header">


		</div>

		<div class="main-content-body transition-fade-up">
			

			<div class="main-content">
				<div class="post-page-container flex relative justify-between box-border w-full h-full">
	<div class="article-content-container">

		<div class="article-title relative w-full">
			
			<div class="w-full flex items-center pt-6 justify-start">
				<h1 class="article-title-regular text-second-text-color tracking-tight text-4xl md:text-6xl font-semibold px-2 sm:px-6 md:px-8 py-3">Java层socket抓包与源码分析（上）</h1>
			</div>
			
		</div>

		
		<div class="article-header flex flex-row gap-2 items-center px-2 sm:px-6 md:px-8">
			<div class="avatar w-[46px] h-[46px] flex-shrink-0 rounded-medium border border-border-color p-[1px]">
				<img src="/images/rabete.jpg">
			</div>
			<div class="info flex flex-col justify-between">
				<div class="author flex items-center">
					<span class="name text-default-text-color text-lg font-semibold">xiaoeryu</span>
					
					<span class="author-label ml-1.5 text-xs px-2 py-0.5 rounded-small text-third-text-color border border-shadow-color-1">Lv5</span>
					
				</div>
				<div class="meta-info">
					<div class="article-meta-info">
    <span class="article-date article-meta-item">
        <i class="fa-regular fa-pen-fancy"></i>&nbsp;
        <span class="desktop">2024-06-01 10:26:37</span>
        <span class="mobile">2024-06-01 10:26:37</span>
        <span class="hover-info">创建</span>
    </span>
    
        <span class="article-date article-meta-item">
            <i class="fa-regular fa-wrench"></i>&nbsp;
            <span class="desktop">2024-06-06 06:05:16</span>
            <span class="mobile">2024-06-06 06:05:16</span>
            <span class="hover-info">更新</span>
        </span>
    

    
        <span class="article-categories article-meta-item">
            <i class="fa-regular fa-folders"></i>&nbsp;
            <ul>
                
                
                    
                        
                        <li>
                            <a href="/categories/Android%E9%80%86%E5%90%91/">Android逆向</a>&nbsp;
                        </li>
                    
                    
                
            </ul>
        </span>
    
    
        <span class="article-tags article-meta-item">
            <i class="fa-regular fa-tags"></i>&nbsp;
            <ul>
                
                    <li>
                        <a href="/tags/App%E6%8A%93%E5%8C%85/">App抓包</a>&nbsp;
                    </li>
                
                    <li>
                        | <a href="/tags/Frida-Hook/">Frida Hook</a>&nbsp;
                    </li>
                
                    <li>
                        | <a href="/tags/socket%E6%8A%93%E5%8C%85/">socket抓包</a>&nbsp;
                    </li>
                
            </ul>
        </span>
    

    
    
    
    
        <span class="article-pv article-meta-item">
            <i class="fa-regular fa-eye"></i>&nbsp;<span id="busuanzi_value_page_pv"></span>
        </span>
    
</div>

				</div>
			</div>
		</div>
		

		


		<div class="article-content markdown-body px-2 sm:px-6 md:px-8 pb-8">
			<p>tcp/udp协议以及一些字段的溯源，快速定位一些字段（例如用户名和密码）是怎么加密的，分析出来之后怎么去进行枚举、重放。</p>
<p>典型的应用就是怎么去编写爬虫去爬取例如商城的商品等</p>
<hr>
<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>接下来几篇文章我们需要解决的问题</p>
<blockquote>
<p>如何对自定义协议进行逆向分析？</p>
<p>发送参数被加密，如何快速完成参数处理流程的定位？</p>
<p>加密算法复杂，如何主动调用完成对数据包的处理和重放？</p>
</blockquote>
<h2 id="目标"><a href="#目标" class="headerlink" title="目标"></a>目标</h2><p>通过分析需要达到的目的</p>
<blockquote>
<p>掌握阅读和分析Android系统框架层网络数据包接收发送的源码逻辑</p>
<p>掌握快速进行字段追踪溯源的技巧</p>
<p>掌握基于frida、xposed、AndroidNativeEmu、Unidbg等的主动调用技巧，从而完成对协议的枚举和爆破、甚至是数据的爬取</p>
</blockquote>
<h2 id="逆向分析思想"><a href="#逆向分析思想" class="headerlink" title="逆向分析思想"></a>逆向分析思想</h2><p>堆栈回溯思想</p>
<blockquote>
<p>逐层向上追溯、对参数的处理，关键函数和参数处理放在so中。所以分别在Java和JNI中怎么处理</p>
</blockquote>
<p>控制流分析与数据流分析相结合思想</p>
<blockquote>
<p>参数处理流程、关键API</p>
</blockquote>
<p>关键字符串、关键API定位思想</p>
<blockquote>
<p>对这些关键点要格外注意跟Windows分析一样</p>
</blockquote>
<hr>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240527165013099.png" class="" title="image-20240527165013099">

<ul>
<li>socket工作在传输层之上，是操作系统对传输层（tcp、udp）封装出来的编程接口，本身并不是一种协议</li>
<li>再上层的就是http等应用层协议</li>
</ul>
<p>有些App不会自己去调用socket来完成网络请求，因为麻烦。</p>
<p>通过hook <strong>java.net.Socket</strong> 背后所封装的关键API，获取信息</p>
<hr>
<h2 id="创建demo来作为分析案例"><a href="#创建demo来作为分析案例" class="headerlink" title="创建demo来作为分析案例"></a>创建demo来作为分析案例</h2><p>这里写一个简单的客户端和服务端的收发数据的demo</p>
<blockquote>
<p>服务端：<a class="link" target="_blank" rel="noopener" href="https://github.com/xiaoeeyu/TcpServer-Demo">python接收器<i class="fa-solid fa-arrow-up-right ml-[0.2em] font-light align-text-top text-[0.7em] link-icon"></i></a></p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531123232991.png" class="" title="image-20240531123232991">

<p>客户端：<a class="link" target="_blank" rel="noopener" href="https://github.com/xiaoeeyu/okhttp2.6">App Demo<i class="fa-solid fa-arrow-up-right ml-[0.2em] font-light align-text-top text-[0.7em] link-icon"></i></a></p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531123256577.png" class="" title="image-20240531123256577">
</blockquote>
<p>要使用的工具安装</p>
<blockquote>
<p>安装tcpdump：等下用来抓包测试通信是否畅通</p>
<ul>
<li>下载<a class="link" target="_blank" rel="noopener" href="https://www.androidtcpdump.com/download/4.99.4.1.10.4/tcpdump">tcpdump包<i class="fa-solid fa-arrow-up-right ml-[0.2em] font-light align-text-top text-[0.7em] link-icon"></i></a>，将其拷贝到手机<code>adb push tcpdump /data/local/tmp/</code></li>
<li>设置执行权限<code>chmod 755 tcpdump</code></li>
<li>添加到环境变量<code>export PATH=$PATH:/data/local/tmp</code></li>
<li>这个tcpdump是第三方站点提供的预编译二进制，后面会以root权限运行，使用前应确认来源可信（或自行从源码交叉编译），并且只放在测试设备上</li>
</ul>
<p>安装Wireshark：Ubuntu默认没有自带，如果是Kali的话系统已经自带</p>
<pre><code># Refresh the package index
sudo apt update

# Install Wireshark (Qt GUI package)
sudo apt install wireshark-qt

# If the installer asks, allow non-superusers to capture packets

# Add the current user to the wireshark group; the new membership only
# applies to sessions started afterwards (log out and back in)
sudo usermod -aG wireshark $(whoami)
</code></pre>
</blockquote>
<p>使用tcpdump对手机上的所有通信进行抓包然后用wireshark打开分析</p>
<ul>
<li><p>tcpdump抓包</p>
<pre><code># Open a shell on the device, switch to root, and enter the directory tcpdump was pushed to
adb shell
su
cd /data/local/tmp/
# -i any: capture on every interface; -s 0: keep full packets; -w: write the raw capture to a file.
# The file holds all traffic of the device, not only the demo app's, so handle it as sensitive data.
tcpdump -i any -s 0 -w /sdcard/01.pcap
</code></pre>
</li>
</ul>
<p>然后运行我们demo的客户端和服务端</p>
<p>抓完后用wireshark打开查看，确认数据收发通信正常</p>
<p>把我们抓到的数据包pull下来用wireshark查看<code>wireshark 01.pcap</code></p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531122459703.png" class="" title="image-20240531122459703">

<ul>
<li>这里我们的demo没有对数据进行加密，所以抓到的包都是明文的。现在的App一般都会对数据进行加密，不会使用这种http明文传输</li>
<li>抓包看到通信没有问题，接下来调试分析我们的代码，分析合适的hook点</li>
</ul>
<h2 id="代码分析"><a href="#代码分析" class="headerlink" title="代码分析"></a>代码分析</h2><p>调试分析客户端的源码来获取抓包的hook时机</p>
<p>调试的时候注意下载好对应系统的sdk，在设置&gt;androidSDK里面可以直接下载，具体的配置过程都可以搜索到不在这里啰嗦</p>
<ul>
<li>下面这段代码分析比较简单也比较啰嗦可以直接看分析结果</li>
</ul>
<h5 id="构造socket"><a href="#构造socket" class="headerlink" title="构造socket"></a>构造socket</h5><p>从socket构造开始调试我们的客户端代码</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531152406588.png" class="" title="image-20240531152406588">

<ul>
<li>按F7步入</li>
</ul>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531164140370.png" class="" title="image-20240531164140370">

<p>创建套接字，建立连接</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531164319343.png" class="" title="image-20240531164319343">

<ul>
<li><p>socket有很多重载，这里使用的是这四个参数的重载</p>
</li>
<li><p>在for循环中使用工厂模式创建套接字实例<code>setImpl()</code></p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531182636108.png" class="" title="image-20240531182636108">

<ul>
<li>impl -&gt; java.net.SocksSocketImpl</li>
</ul>
</li>
<li><p>使用connect建立连接使用的方法</p>
<p>connect(SocketAddress endpoint)</p>
</li>
</ul>
<h5 id="接收数据"><a href="#接收数据" class="headerlink" title="接收数据"></a>接收数据</h5><p>清除其它断点直接断在接收数据处，看看接收数据使用的方法</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531185409687.png" class="" title="image-20240531185409687">

<ul>
<li>java.net.SocketInputStream.read(byte[])</li>
</ul>
<h5 id="发送数据"><a href="#发送数据" class="headerlink" title="发送数据"></a>发送数据</h5><p>同样直接断下来看发送数据使用的方法</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531185801277.png" class="" title="image-20240531185801277">

<ul>
<li>java.net.SocketOutputStream.write(byte[])</li>
</ul>
<h5 id="分析结果"><a href="#分析结果" class="headerlink" title="分析结果"></a>分析结果</h5><p>经过分析我们拿到了下面这些hook点</p>
<blockquote>
<p>java.net.Socket类构造函数：new Socket(ip, port);</p>
<p>​	private Socket(InetAddress[] addresses, int port, SocketAddress localAddr,boolean stream)</p>
<p>​		创建套接字：impl -&gt; java.net.SocksSocketImpl</p>
<p>建立连接：connect(SocketAddress endpoint)</p>
<p>接收数据：java.net.SocketInputStream.read(byte[])</p>
<p>发送数据：java.net.SocketOutputStream.write(byte[])</p>
</blockquote>
<h2 id="Android源码分析"><a href="#Android源码分析" class="headerlink" title="Android源码分析"></a>Android<a class="link" target="_blank" rel="noopener" href="http://androidxref.com/8.1.0_r33/">源码<i class="fa-solid fa-arrow-up-right ml-[0.2em] font-light align-text-top text-[0.7em] link-icon"></i></a>分析</h2><p>接下来分析Android源码，获取我们方才分析拿到的方法，在框架背后的实现</p>
<p>暂时我们的源码分析先到java层结束为止，不进入native层分析。后面如果碰到不使用Java层的API，直接调用libc中的API进行通信的再继续往下分析，当然还有更进一步的跳过libc中的API，直接使用系统调用的情况，如果遇到再进行单独分析</p>
<h5 id="接收数据：java-net-SocketInputStream-read-byte"><a href="#接收数据：java-net-SocketInputStream-read-byte" class="headerlink" title="接收数据：java.net.SocketInputStream.read(byte[])"></a>接收数据：java.net.SocketInputStream.read(byte[])</h5><img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240531233558633.png" class="" title="image-20240531233558633">

<pre><code class="java">    // One-argument overload: reads into the whole array by forwarding to
    // read(b, 0, b.length).
    public int read(byte b[]) throws IOException {
        return read(b, 0, b.length);
    }
-&gt;这里调用的是下面有三个参数的read重载
    
     // Three-argument overload: adds the timeout obtained from impl.getTimeout()
     // and forwards to the four-argument read().
     public int read(byte b[], int off, int length) throws IOException {
        return read(b, off, length, impl.getTimeout());
    }   
-&gt;这里调用的是下面有四个参数的read重载
    
        // Package-private worker that the three-argument read() forwards to.
        // Returns the byte count reported by socketRead() when it is positive, 0 for a
        // zero-length request, and -1 once EOF has been reached. Throws SocketException
        // when the socket is closed or the connection was reset, and
        // ArrayIndexOutOfBoundsException when off/length do not fit inside b.
        int read(byte b[], int off, int length, int timeout) throws IOException {
        int n;

        // EOF already encountered
        if (eof) {
            return -1;
        }

        // connection reset
        if (impl.isConnectionReset()) {
            throw new SocketException("Connection reset");
        }

        // bounds check
        if (length &lt;= 0 || off &lt; 0 || length &gt; b.length - off) {
            if (length == 0) {
                return 0;
            }
            throw new ArrayIndexOutOfBoundsException("length == " + length
                    + " off == " + off + " buffer length == " + b.length);
        }

        // acquire file descriptor and do the read
        FileDescriptor fd = impl.acquireFD();
        try {
            // Android-added: Check BlockGuard policy in read().
            BlockGuard.getThreadPolicy().onNetwork();
            n = socketRead(fd, b, off, length, timeout);	// the read itself is delegated to socketRead(), which is followed below
            if (n &gt; 0) {
                return n;
            }
        } catch (ConnectionResetException rstExc) {
            // Record the reset on impl; it is reported by the isConnectionReset() check further down.
            impl.setConnectionReset();
        } finally {
            // Runs on every path, including the early return above.
            impl.releaseFD();
        }

        /*
         * If we get here we are at EOF, the socket has been closed,
         * or the connection has been reset.
         */
        if (impl.isClosedOrPending()) {
            throw new SocketException("Socket closed");
        }
        if (impl.isConnectionReset()) {
            throw new SocketException("Connection reset");
        }
        eof = true;
        return -1;
    }

&gt;&gt;&gt;跟进上面的socketRead()
        // Private wrapper that passes its arguments unchanged to the native
        // socketRead0() and returns its result.
        private int socketRead(FileDescriptor fd,
                           byte b[], int off, int len,
                           int timeout)
        throws IOException {
        return socketRead0(fd, b, off, len, timeout);
    }
-&gt;这里调用的是socketRead0()
        // Declaration only: the body lives in native code (the excerpt stops before
        // the end of the declaration).
        private native int socketRead0(FileDescriptor fd,
                                   byte b[], int off, int len,
                                   int timeout)	// socketRead0 is a native (JNI) method, so the Java-layer part of the TCP receive path ends here
</code></pre>
<ul>
<li>接收数据的调用链</li>
</ul>
<h5 id="发送数据：java-net-SocketOutputStream-write-byte"><a href="#发送数据：java-net-SocketOutputStream-write-byte" class="headerlink" title="发送数据：java.net.SocketOutputStream.write(byte[])"></a>发送数据：java.net.SocketOutputStream.write(byte[])</h5><pre><code class="java">    // Writes the whole array by forwarding to socketWrite(b, 0, b.length).
    public void write(byte b[]) throws IOException {
        socketWrite(b, 0, b.length);	// follow this call into socketWrite(), shown next
    }
-&gt;
        // Private worker behind write(): validates off/len against b, then hands the
        // buffer to the native socketWrite0(). A zero-length request returns without
        // writing; invalid bounds throw ArrayIndexOutOfBoundsException.
        private void socketWrite(byte b[], int off, int len) throws IOException {


        if (len &lt;= 0 || off &lt; 0 || len &gt; b.length - off) {
            if (len == 0) {
                return;
            }
            throw new ArrayIndexOutOfBoundsException("len == " + len
                    + " off == " + off + " buffer length == " + b.length);
        }

        FileDescriptor fd = impl.acquireFD();
        try {
            // Android-added: Check BlockGuard policy in socketWrite.
            BlockGuard.getThreadPolicy().onNetwork();
            socketWrite0(fd, b, off, len);	// continue into the native method below
        } catch (SocketException se) {
            // A failure on a closed or closing socket is reported as "Socket closed";
            // any other SocketException is rethrown unchanged.
            if (impl.isClosedOrPending()) {
                throw new SocketException("Socket closed");
            } else {
                throw se;
            }
        } finally {
            // The descriptor is released on both the success and the failure path.
            impl.releaseFD();
        }
    }
-&gt;
        // Declaration only: the body lives in native code.
        private native void socketWrite0(FileDescriptor fd, byte[] b, int off,
                                     int len) throws IOException;	// as on the receive side, the Java-layer call chain ends at this native method
</code></pre>
<ul>
<li>发送数据的调用链</li>
</ul>
<p>根据对Android源码的分析，我们hook刚才框架层调用链中的任何一个函数都可以得到它发送和接收的原始数据包，当然这里通过hook拿到的数据可能是已经加密处理过的数据</p>
<p>接下来就根据我们之前调试代码的时候分析到这些点来编写一个简单的hook代码</p>
<pre><code class="js">/**
 * Registers three Frida hooks inside Java.perform: the java.net.Socket(String, int)
 * constructor, SocketInputStream.socketRead0 and SocketOutputStream.socketWrite0.
 * Every hook only logs to the console and then returns what the original method returned.
 *
 * The write hook prints the buffer passed to socketWrite0. The demo app sends plaintext,
 * so the console output contains the raw payload and should be handled like the pcap file.
 */
function hooktcp() {
    Java.perform(function () {
        // Log prefix carrying the id of the thread that made the call.
        function threadTag() {
            return "[" + Process.getCurrentThreadId() + "]"
        }

        // Constructor hook: only the (String, int) overload is covered.
        var Socket = Java.use('java.net.Socket')
        var ctor = Socket.$init.overload('java.lang.String', 'int')
        ctor.implementation = function (host, port) {
            console.log(threadTag() + "new Socket connection: " + host + "port: " + port)
            return this.$init(host, port)
        }

        // hook socketRead0(): call the original first, then log how many bytes it reported
        var InputStream = Java.use('java.net.SocketInputStream')
        InputStream.socketRead0.implementation = function (fd, buf, off, len, timeout) {
            var count = this.socketRead0(fd, buf, off, len, timeout)
            console.log(threadTag() + "socketRead0 &gt; size: " + count)
            return count;
        }

        // hook socketWrite0(): call the original first, then log the requested length and the buffer
        var OutputStream = Java.use('java.net.SocketOutputStream')
        OutputStream.socketWrite0.implementation = function (fd, buf, off, len) {
            // socketWrite0 is declared void in the Java source, so there is no meaningful result to inspect.
            var result = this.socketWrite0(fd, buf, off, len)
            console.log(threadTag() + "socketWrite0 &gt; size: " + len + "--content: " + JSON.stringify(buf))
            return result;
        }
    })
}

/**
 * Script entry point: installs the socket hooks defined in hooktcp().
 */
function main() {
    hooktcp();
}

// Hand main to the runtime's scheduler rather than calling it inline.
setImmediate(main);
</code></pre>
<ul>
<li>hook发送和接收数据的点选择了Java层调用链最后的JNI函数</li>
</ul>
<p>执行结果：打印出了调用过程中传递的参数</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601013358738.png" class="" title="image-20240601013358738">

<p>通过hook成功地获取了通信的数据包。同样地，在这个过程中如果把堆栈打印出来，也就能成功地定位到是哪个地方发起了通信请求</p>
<p>添加堆栈打印代码：</p>
<pre><code class="java">/**
 * Print `log` to the console, prefixed with a zero-padded HH:MM:SS:mmm
 * timestamp and the id of the current thread.
 */
function LogPrint(log) {
    // Left-pad a number with zeros up to the requested width.
    function pad(value, width) {
        var text = String(value);
        while (text.length &lt; width) {
            text = "0" + text;
        }
        return text;
    }

    var now = new Date();
    var stamp = [
        pad(now.getHours(), 2),
        pad(now.getMinutes(), 2),
        pad(now.getSeconds(), 2),
        pad(now.getMilliseconds(), 3)
    ].join(":");
    var tid = Process.getCurrentThreadId();
    console.log("[" + stamp + "]" + "-&gt;threadid:" + tid + "--" + log);
}
/**
 * Log the Java call stack of the current thread through LogPrint, framed by
 * a start and an end banner that carry `name`.
 */
function printJavaStack(name) {
    Java.perform(function () {
        var ExceptionClass = Java.use("java.lang.Exception");
        // A newly constructed exception captures the stack at the point of creation.
        var frames = ExceptionClass.$new("Exception").getStackTrace();
        if (frames == undefined || frames == null) {
            return;
        }
        // The stringified frame list is comma-separated; put each frame on its own line.
        var text = frames.toString().replace(/,/g, " \n ");
        LogPrint("=============================" + name + " Stack strat=======================");
        LogPrint(text);
        LogPrint("=============================" + name + " Stack end======================= \n ");
        // NOTE(review): $dispose() is called on the class wrapper, not on the
        // exception instance created above — confirm that this is intended.
        ExceptionClass.$dispose();
    });
}
</code></pre>
<p>执行后的打印结果：</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601022304835.png" class="" title="image-20240601022304835">

<ul>
<li>打印出了堆栈信息；代码中还添加了打印接收到的数据的逻辑，并将其转换为字符串</li>
</ul>
<h5 id="打印IP地址"><a href="#打印IP地址" class="headerlink" title="打印IP地址"></a>打印IP地址</h5><p>通过调试断在发送和接收数据的地方，看它的IP地址存放在哪个字段中</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601223536475.png" class="" title="image-20240601223536475">

<ul>
<li>从这个地方拿到通信对端的IP和端口</li>
</ul>
<p>添加frida脚本代码</p>
<pre><code class="js">            // Fragment for the body of a hooked stream method: `this` is the stream object,
            // and Frida exposes its Java fields through `.value`.
            var socketimpl = this.impl.value;
            // Peer address and port as stored on the socket implementation object
            // (presumably an InetAddress and an int — confirm against the debugger view).
            var address = socketimpl.address.value;
            var port = socketimpl.port.value;
</code></pre>
<p>发送的时候也是一样</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601230334985.png" class="" title="image-20240601230334985">

<p>脚本跟刚才的一模一样，都不用变</p>
<pre><code class="js">            // Same field reads, this time for the send-side hook: `impl` is the stream's
            // socket implementation object, read through Frida's `.value` accessor.
            var socketimpl = this.impl.value;
            // Peer address and port held by the implementation object
            // (presumably an InetAddress and an int — confirm against the debugger view).
            var address = socketimpl.address.value;
            var port = socketimpl.port.value;
</code></pre>
<p>添加完之后再将这些信息再打印出来</p>
<h6 id="执行脚本"><a href="#执行脚本" class="headerlink" title="执行脚本"></a>执行脚本<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601232134172.png" class="" title="image-20240601232134172"></h6><ul>
<li>可以看到ip和端口都打印出来了</li>
</ul>
<h6 id="拿其它的App试一下"><a href="#拿其它的App试一下" class="headerlink" title="拿其它的App试一下"></a>拿其它的App试一下</h6><p>例如测试了嘿嘿连载和咸鱼的App</p>
<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601234311781.png" class="" title="image-20240601234311781">

<img lazyload="" src="/images/loading.svg" data-src="/2024/06/01/Java%E5%B1%82socket%E6%8A%93%E5%8C%85%E4%B8%8E%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%EF%BC%88%E4%B8%8A%EF%BC%89/image-20240601234258302.png" class="" title="image-20240601234258302">

<ul>
<li>都可以成功拿到ip和端口</li>
</ul>
<h6 id="附件："><a href="#附件：" class="headerlink" title="附件："></a>附件：</h6><p>本章写的<a class="link" target="_blank" rel="noopener" href="https://github.com/xiaoeeyu/hookTcp-demo">frida-socket抓包脚本<i class="fa-solid fa-arrow-up-right ml-[0.2em] font-light align-text-top text-[0.7em] link-icon"></i></a></p>

		</div>

		
		<div class="post-copyright-info w-full my-8 px-2 sm:px-6 md:px-8">
			<div class="article-copyright-info-container">
    <ul>
        <li><strong>标题:</strong> Java层socket抓包与源码分析（上）</li>
        <li><strong>作者:</strong> xiaoeryu</li>
        <li><strong>创建于
                :</strong> 2024-06-01 10:26:37</li>
        
            <li>
                <strong>更新于
                    :</strong> 2024-06-06 06:05:16
            </li>
        
        <li>
            <strong>链接:</strong> https://github.com/xiaoeryu/2024/06/01/Java层socket抓包与源码分析（上）/
        </li>
        <li>
            <strong>
                版权声明:
            </strong>
            

            
                本文章采用 <a class="license" target="_blank" rel="noopener" href="https://creativecommons.org/licenses/by-nc-sa/4.0">CC BY-NC-SA 4.0</a> 进行许可。
            
        </li>
    </ul>
</div>

		</div>
		

		
		<ul class="post-tags-box text-lg mt-1.5 flex-wrap justify-center flex md:hidden">
			
			<li class="tag-item mx-0.5">
				<a href="/tags/App%E6%8A%93%E5%8C%85/">#App抓包</a>&nbsp;
			</li>
			
			<li class="tag-item mx-0.5">
				<a href="/tags/Frida-Hook/">#Frida Hook</a>&nbsp;
			</li>
			
			<li class="tag-item mx-0.5">
				<a href="/tags/socket%E6%8A%93%E5%8C%85/">#socket抓包</a>&nbsp;
			</li>
			
		</ul>
		

		

		
		


		
		
	</div>

	
	
</div>
			</div>

			
		</div>

	</div>

	
	

</main>








	
</body>

</html>